This internet draft is available at: http://quimby.gnus.org/internet-drafts/draft-aboba-nat-ipsec-04.txt
Ken Emery wrote:
I can't figure out if anything happened with this draft (I'm guessing nothing went on). The draft expired on December 1, 2001.
IPSec NAT Traversal is still being standardized, but has already been implemented in a good number of products. Current drafts: http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-07.txt http://www.ietf.org/internet-drafts/draft-ietf-ipsec-udp-encaps-06.txt http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-05.txt Jon Lewis wrote:
But why all this talk of NAT? Even if we all universally deployed it on monday, it wouldn't solve the problem. All it would do is keep the spammer/hackers from turning grandma's PC into a web server/proxy.
As well as preventing infection from worms like Blaster, and so forth. It's hard to imagine one solution solving the entire laundry list of problems. One step at a time. That being said, NAT does break stuff and as has been mentioned, filtering is certainly possible without having to bring NAT into the mix. Microsoft assures us that the Windows firewall will be enabled by default starting with WinXP patches early next year. How easy will it be to turn it off? Will a virus be able to do it for you? -Terry